Far more than Windows, Linux is designed with a lot of security concerns in mind especially when it comes to its multi-user environment. To access your Linux server, you require a username and a password.
A malicious person with unlimited access to your server can try to compromise your system by a brute-force attack. To get around this loophole, you would require creating a public/private key pair for login on to your server because they keys are very hard to guess with the current computing power.
On top of this, you can also create a passphrase on your private key to add another layer of security in case your private key ends in the wrong hands.
In this guide, we are going to show you how to create a private/public key pair for your Ubuntu 18.04 Linux server.
Special Note: information security is a complex topic which often requires expertise. If you have a Linux hosting plan and are concerned about security issues, but do not have the necessary expertise, consider switching to a Linux hosting plan with high review grades for customer support. The top rated Linux hosting providers are known for providing outstanding support and will help you to configure your server according to your needs.
- An Ubuntu 18.04 server
- A non-root user with sudo privileges
- PuTTY key Generator
Step 1: Generate Private/Public Key pair on your local computer
Launch the PuTTy key Generator on your computer and click on “Generate” button to create a 2048 bit RSA key. You will be required to make some random moves on the key field in order to generate hard-to-guess values.
Proceed with the movements until the keys are generated as shown on the image below.
Enter a value on the Key passphrase field to protect your private key with a password.
Enter the username associated with the key on the Key Comment field, e.g. james as shown below:
Your public key is now ready for pasting. You will need to copy paste the value and store it in a text editor like notepad for future reference.
Also, click on the Save Private Key to store your private key on your local computer and give it a descriptive file name e.g. private_key_james .
Step 2: Copy the public key from your local computer to your Ubuntu 18.04 Server
We can now copy our public to our remote Ubuntu server. Log on to your Ubuntu server with the credentials of the user that you want to create the private/public key for.
Create a directory to store the public key using the commands below:
$ mkdir ~/.ssh
Then, open the authorized_keys file for editing using a nano editor by typing the commands below:
$ nano ~/.ssh/authorized_keys
Then copy paste the public key that we generated above to the text editor and press CTRL+X and Y to save the changes.
Please note you don’t need to use sudo to run the two commands above because they keys belong to the currently logged in user.
Step 3: Change the permissions for the authorized key directory and file
Change the directory permissions using the command below to avoid other users on the Ubuntu 18.04 server from accessing the private key file:
$ chmod 700 -R ~/.ssh && chmod 600 ~/.ssh/authorized_keys
Step 4: Disable password authentication on SSH
After creating the private and public key and copying the latter on your Ubuntu 18.04 server, go ahead and disable SSH password authentication. This will make sure that no-one can log on to the server using a username and a password combination.
To do this open the SSH configuration file using a nano editor with the command below:
$ sudo nano /etc/ssh/sshd_config
Find a directive written PasswordAuthentication and change its value to no
Restart SSH by typing the command below
$ sudo systemctl restart ssh
If a user tries to log on to the server with a username and a password, they are going to get this error
No supported authentication methods available (server sent: publickey)
Step 5: Log on to your server using the private key you created above
You can now log on to your server using the private key you created above.
If you are using Putty, Enter your Ubuntu 18.04 server IP address under Host Name (or IP address) as shown below.
Then, click on Connections – > SSH -> Auth from the left pane tree view as shown below and select the private key you created above under Private key file for authentication
Finally, click on open to connect to your Ubuntu 18.04 server. This time, you will be prompted to enter the passphrase that you entered when creating the public/private key pair instead of the regular password. However, you will need to enter your username as usual. If you followed all the steps above, you will successfully log on to your server.
Creating and log in to your Ubuntu 18.04 VPS using authentication key pair adds a very powerful layer of security to your machine. In fact, this is one of the first few steps that you should perform when you provision your Linux server for the first time. You can also combine this technology with powerful tools like Fail2Ban to make your server more secure. We hope you enjoyed the guide.
For further reading on hosting security concerns and best practices, read our hosting security guide.